<?php
// -----------------------------------------------------------------------------------
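// Dispatcher for the com_user forms. Every branch acts on raw $_POST and either
// sets $GLOBALS['msg'] for the view or redirects (via header()/$core_class, which
// is provided by the including page) and exits.
//
// NOTE(review): no session/authorization check and no CSRF-token check is visible
// in this file, yet the branches below block, delete, create and rewrite accounts.
// Confirm the including page enforces both before control reaches this switch.

// Field that says which form was posted; absent on a plain page load.
$hidden = isset($_POST["hidden"]) ? $_POST["hidden"] : "";
$task   = isset($_POST["task"])   ? $_POST["task"]   : "";

switch($hidden){

	case "":
	// initial page load, nothing was submitted: nothing to do
	break;

	case "submit_com_user_view":
		// Checkbox selection from the user list. A single id may arrive as a bare
		// string and the field may be missing entirely; normalise to an array so
		// count()/indexing never see a non-array (a TypeError since PHP 8).
		$ids = isset($_POST["cid"]) ? (array)$_POST["cid"] : array();
		$myprocess = new process;
		// Shown when none of the selected rows could be updated.
		$errmsg = "Hiện tại hệ thống đang gặp lỗi, vui lòng liên hệ quản trị !!! ";

		if($task == "block" || $task == "unblock"){
			// block -> Status 0, unblock -> Status 1 (see process_pulish_and_un_publish_user)
			$status = ($task == "block") ? "0" : "1";
			$check = FALSE;
			foreach($ids as $id){
				if(!is_scalar($id)) continue;	// nested arrays cannot be bound as an id
				if($myprocess->process_pulish_and_un_publish_user($status, $id) <> FALSE)
					$check = TRUE;
			}
			// "success" means at least one row was updated, as before
			$GLOBALS['msg'] = $check ? "" : $errmsg;
		}
		else if($task == "remove"){
			$check = FALSE;
			foreach($ids as $id){
				if(!is_scalar($id)) continue;
				if($myprocess->process_remove_user($id) <> FALSE)
					$check = TRUE;
			}
			$GLOBALS['msg'] = $check ? "" : $errmsg;
		}
		else if($task == "changepage"){
			// The page-size value goes straight into the redirect URL; encode it so a
			// crafted value cannot append extra query parameters to the target.
			$limit = (isset($_POST["limit"]) && is_scalar($_POST["limit"])) ? (string)$_POST["limit"] : "";
			header("location: .?mod=manuser&r=".urlencode($limit));exit;
		}
	break;

	case "submit_com_user_edit":
		if($task == "save"){
			// Missing fields are passed as null (bound as SQL NULL) without a notice.
			$f = array();
			foreach(array("name", "email", "password", "userid", "gid") as $k)
				$f[$k] = isset($_POST[$k]) ? $_POST[$k] : null;
			$myprocess = new process;
			$ok = $myprocess->process_edit_user($f["name"], $f["email"], $f["password"], $f["userid"], $f["gid"]);
			if($ok <> FALSE)
			{$core_class->_redirect(".?com=com_user&view=view");exit;}
			else {$core_class->_redirect(".");exit;}
		}
	break;

	case "submit_com_user_edit_admin":
		if($task == "save"){
			$f = array();
			foreach(array("name", "email", "password", "userid") as $k)
				$f[$k] = isset($_POST[$k]) ? $_POST[$k] : null;
			$myprocess = new process;
			// Both outcomes land on the front page; only the DB state differs.
			$myprocess->process_edit_admin($f["name"], $f["email"], $f["password"], $f["userid"]);
			$core_class->_redirect(".");exit;
		}
	break;

	case "submit_com_user_add":
		if($task == "save" || $task == "apply"){
			$f = array();
			foreach(array("gid", "username", "name", "email", "password", "block") as $k)
				$f[$k] = isset($_POST[$k]) ? $_POST[$k] : null;
			$myprocess = new process;
			$ok = $myprocess->process_adduser($f["gid"], $f["username"], $f["name"], $f["email"], $f["password"], $f["block"]);
			if($ok <> FALSE){
				// "apply" stays on the add form for the next entry; "save" returns to the list.
				$target = ($task == "apply") ? ".?com=com_user&view=add" : ".?com=com_user&view=view";
				$core_class->_redirect($target);exit;
			}
			else {$core_class->_redirect(".");exit;}
		}
	break;

	default:
		// NOTE(review): every other branch exits after redirecting; this one relies
		// on _redirect() itself stopping execution — confirm it does.
		$core_class->_redirect(".");
	break;
}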

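// Data-access layer for the user-management handlers above. Every public method
// opens its own mysqli connection through ../protected/dbconnect.php, binds all
// user-supplied values through prepared statements, and returns true on success
// or false on failure (callers test the result with `<> FALSE`).
//
// NOTE(review): passwords are stored as unsalted md5. The login code that checks
// them is not in this file, so the hash cannot be switched to password_hash()/
// password_verify() here without breaking sign-in; plan that migration (rehash
// on the next successful login) together with the login code.
class process{

	// Opens the database connection. The include defines $mysqli in this method's
	// scope; the path is resolved relative to the include path / working
	// directory, exactly as the per-method includes it replaces were.
	private function openDb(){
		include("../protected/dbconnect.php");
		return $mysqli;
	}

	// Prepares $sql, logging the driver error instead of echoing it into the
	// response (which leaked schema details to the browser). Returns false on failure.
	private function prepareStmt($mysqli, $sql){
		$cmd = $mysqli->prepare($sql);
		if($cmd === FALSE){
			error_log("com_user: prepare failed: ".$mysqli->error);
			return false;
		}
		return $cmd;
	}

	// Executes a bound statement and always releases it (the original closed the
	// statement only on the failure path). Errors go to the log, not the page.
	private function executeAndClose($cmd){
		$ok = $cmd->execute();
		if($ok === FALSE){
			error_log("com_user: execute failed: ".$cmd->error);
		}
		$cmd->close();
		return $ok !== FALSE;
	}

	// Decides what to write into `PassWord` when an account is edited: a value
	// identical to the stored one is treated as "unchanged" and kept, anything
	// else is a new password and is md5-hashed. Returns null when no account has
	// the given id, false when the lookup itself failed.
	//
	// Strict comparison on purpose: the loose == used before considers two
	// numeric-looking strings equal (e.g. hashes of the form "0e..."), which would
	// have stored a submitted value verbatim instead of hashing it.
	//
	// NOTE(review): this logic only works if the edit form re-posts the stored
	// hash, i.e. the hash is exposed to the browser — confirm, and prefer an
	// explicit "leave blank to keep" convention in the form.
	private function passwordToStore($mysqli, $userid, $password){
		$cmd = $this->prepareStmt($mysqli, "SELECT `account`.`PassWord` FROM `account` WHERE `account`.`Ac_Id` = ?");
		if($cmd === FALSE) return false;
		$cmd->bind_param("s", $userid);
		$cmd->execute();
		$cmd->store_result();
		$cmd->bind_result($stored);
		$found = $cmd->fetch();
		$cmd->close();
		if(!$found) return null;
		return ($stored === $password) ? $password : md5($password);
	}

	// Admin edits an admin account: full name, mail and password of $puserid.
	// Returns true when the UPDATE ran, false otherwise (including "no such id").
	public function process_edit_admin($pfullname, $pmail, $ppassword, $puserid){
		$mysqli = $this->openDb();
		$store = $this->passwordToStore($mysqli, $puserid, $ppassword);
		if($store === null || $store === false){
			$mysqli->close();
			return false;
		}
		$cmd = $this->prepareStmt($mysqli, "Update `account` Set `FullName` = ?, `Mail` = ?, `PassWord` = ? Where `Ac_Id` = ?");
		if($cmd === FALSE){ $mysqli->close(); return false; }
		// bind_param takes references, so the value to store must live in a variable
		$cmd->bind_param("ssss", $pfullname, $pmail, $store, $puserid);
		$ok = $this->executeAndClose($cmd);
		$mysqli->close();
		return $ok;
	}

	// Creates an account. $Status comes from the form's "block" field and $PerID
	// is the group id; no uniqueness check on $UserName is done here — the
	// database constraint (if any) decides. Returns true on success.
	public function process_adduser($PerID, $UserName, $FullName, $Mail, $PassWord, $Status){
		$mysqli = $this->openDb();
		$sql = "Insert into account(`PerID`, `UserName`, `FullName`, `Mail`, `PassWord`, `Status`)
				VALUES (?, ?, ?, ?, ?, ?)";
		$cmd = $this->prepareStmt($mysqli, $sql);
		if($cmd === FALSE){ $mysqli->close(); return false; }
		// unsalted md5 — kept for compatibility with the login code (see class note)
		$hash = md5($PassWord);
		$cmd->bind_param("ssssss", $PerID, $UserName, $FullName, $Mail, $hash, $Status);
		$ok = $this->executeAndClose($cmd);
		$mysqli->close();
		return $ok;
	}

	// Sets `Status` of account $values to 0 ($check == 0, "block") or 1 (anything
	// else, "unblock"). The status is fixed in the SQL text, never interpolated
	// from $check, so $check can only select between the two statements.
	public function process_pulish_and_un_publish_user($check, $values){
		$mysqli = $this->openDb();
		$sql = ($check == 0)
			? "Update account Set `Status` = 0 Where Ac_Id = ?"
			: "Update account Set `Status` = 1 Where Ac_Id = ?";
		$cmd = $this->prepareStmt($mysqli, $sql);
		if($cmd === FALSE){ $mysqli->close(); return false; }
		$cmd->bind_param("s", $values);
		$ok = $this->executeAndClose($cmd);
		$mysqli->close();
		return $ok;
	}

	// Hard-deletes account $values. There is no guard here against an admin
	// removing their own or the last admin account; the caller must enforce that.
	public function process_remove_user($values){
		$mysqli = $this->openDb();
		$cmd = $this->prepareStmt($mysqli, "Delete from account where Ac_Id = ?");
		if($cmd === FALSE){ $mysqli->close(); return false; }
		$cmd->bind_param("s", $values);
		$ok = $this->executeAndClose($cmd);
		$mysqli->close();
		return $ok;
	}

	// Admin edits a user account: full name, mail, password and group ($pPerID)
	// of $puserid. Returns true when the UPDATE ran, false otherwise.
	public function process_edit_user($pfullname, $pmail, $ppassword, $puserid, $pPerID){
		$mysqli = $this->openDb();
		$store = $this->passwordToStore($mysqli, $puserid, $ppassword);
		if($store === null || $store === false){
			$mysqli->close();
			return false;
		}
		$cmd = $this->prepareStmt($mysqli, "Update `account` Set `FullName` = ?, `Mail` = ?, `PassWord` = ?, `PerID` = ? Where Ac_Id = ?");
		if($cmd === FALSE){ $mysqli->close(); return false; }
		$cmd->bind_param("sssss", $pfullname, $pmail, $store, $pPerID, $puserid);
		$ok = $this->executeAndClose($cmd);
		$mysqli->close();
		return $ok;
	}

}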
		
?>